The Network Advertising Initiative (NAI), an advertising industry trade group for third-party advertisers, recently released the 2015 update to its Mobile Application Code. The App Code is a set of self-regulatory principles governing the data collection practices of NAI member companies in the context of mobile app advertising. The purpose of the 2015 update is to clarify certain obligations for NAI member companies under the App Code.

The App Code

In 2013, NAI published its Code of Conduct, a self-regulatory framework that governs the practice of interest-based advertising by NAI member companies. Interest-based advertising uses data collection over the Internet to direct specific advertisements to specific consumers based on their interests. The Code of Conduct controls the type of data that member companies are permitted to collect, how they may use it, and what information they must present to consumers about their data collection practices.

The App Code applies the principles of the Code of Conduct to the mobile advertising landscape. Under the App Code, member companies collecting information about consumers from third-party apps must abide by certain notice and user choice standards. For example, companies must inform users of their data collection practices on their websites, and must require apps from which they collect information to provide similar notices in app stores. Further, the App Code requires companies to give users the opportunity to opt out of data collection.

The 2015 update does not add any new substantive requirements. Instead, it clarifies certain existing obligations for member companies under the App Code. Most notably, the update clarifies the rules on the collection and use of personal health information. For example, the update specifies that any information, including inferences, about sensitive health or medical conditions—which include, but are not limited to, all types of cancer, mental health-related conditions, and sexually-transmitted diseases—is deemed “sensitive data.” The collection of such data carries increased responsibilities. Specifically, under the App Code, the collection of any sensitive data requires affirmative opt-in from consumers prior to collection, rather than merely giving consumers an opportunity to opt-out.

To Whom Does this Apply?

NAI is an industry self-regulatory body, and its rules—both the Code of Conduct and App Code—apply only to companies that choose to join the organization. Thus, compliance for non-member companies is entirely optional. Further, NAI consists exclusively of third-party advertisers—i.e., companies that deliver advertisements through websites and platforms other than their own. This contrasts with other advertising industry trade groups, such as the Digital Advertising Alliance (DAA), which applies its own set of interest-based advertising principles broadly to actors across the digital advertising landscape. Thus, all companies involved in interest-based advertising should review and ensure compliance with the DAA principles, whether or not they are NAI members.